The Failure of Online Social Network Privacy SettingsMadejskiMichelleauthorColumbia University. Computer ScienceJohnsonMaritza LupeauthorColumbia University. Computer ScienceBellovinSteven MichaelauthorColumbia University. Computer ScienceColumbia University. Computer ScienceoriginatorcontributortextTechnical reportsNew YorkDepartment of Computer Science, Columbia University2011Increasingly, people are sharing sensitive personal information via online social networks (OSN). While such networks do permit users to control what they share with whom, access control policies are notoriously difficult to configure correctly; this raises the question of whether OSN users' privacy settings match their sharing intentions. We present the results of an empirical evaluation that measures privacy attitudes and intentions and compares these against the privacy settings on Facebook. Our results indicate a serious mismatch: every one of the 65 participants in our study confirmed that at least one of the identified violations was in fact a sharing violation. In other words, OSN users' privacy settings are incorrect. Furthermore, a majority of users cannot or will not fix such errors. We conclude that the current approach to privacy settings is fundamentally flawed and cannot be fixed; a fundamentally different approach is needed. We present recommendations to ameliorate the current problems, as well as provide suggestions for future research.Computer scienceColumbia University Computer Science Technical ReportsCUCS-010-11http://hdl.handle.net/10022/AC:P:10666EnglishNNCNNC2011-07-08 11:30:11 -04002011-07-08 11:36:34 -04004617eng